browser-guide

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask users for SMS verification codes and for usernames/passwords and then "enter" those credentials to complete login, which requires the LLM to receive and include secret values verbatim in its tool actions/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires using the browser tool to fetch and interact with arbitrary web pages (login walls, QR codes, paywalls, lazy-loaded content) and to snapshot/download page content, so the agent consumes untrusted public third-party content that can materially influence its actions.